4 09:30, room 2 Computer and internet security: i think we can win! Bill Cheswick After half a century of work on computer security and software, things just seem to be getting worse. Credit card numbers and passwords are stolen by the tens of millions, and all the old mistakes and errors persist. Writing safe software for practical applications seems to be impossible. But engineering has always been about making something reliable out of unreliable parts. I think we can win. It is our hardware, our software, and our network. We ought to be able to control all of this, and exclude most of the threats we face today. We can at least force the Bad Guys to be present to win. It s not going to happen soon, but I do think it will happen, and I will suggest various approaches, technologies, and players who might be part of the solution. Bill Cheswick is known for his early work in Internet security, including firewalls, proxies, and as co-author on the first full book on firewalls ( Firewalls and Internet Security, celebrating its 20th birthday this year). He is also noted for his work in visualizations, especially Internet maps, which have appeared widely. Ches has worked at Bell Labs and AT&T Shannon Lab, and was a cofounder of Lumeta Corp. He continues to invent, collaborate, write apps, consult, and give talks worldwide. He is a visiting scholar at University of Pennsylvania. 11:00, room 1 IPv6 bij XS4ALL Maarten Carels XS4ALL is al sinds 1993 internetprovider voor particulieren, gedreven door de techniek. Vandaar dat er al lang met IPv6 geëxperimenteerd is. Begin 2010 begon een pilot om IPv6 te leveren aan klanten, eerst op kleine schaal, waarbij het vooral ging om CPEs (klantmodems), vrijwel geen enkel modem ondersteunde toen ipv6. De Duitse leverancier AVM ontwikkelde voor hun Fritz!Box-modems firmware die wel met IPv6 overweg kon. In de loop van 2010 ging de pilot naadloos over in productie, waarmee de meeste XS4ALL-klanten de mogelijkheid kregen om IPv6 op hun verbinding aan te zetten. Op dit moment hebben meer dan klanten IPv6. Maarten Carels is na een studie Informatica aan de Universiteit van Amsterdam een aantal jaren verbonden geweest aan de automatiseringsafdeling van de UvA. Sinds bijna vijf jaar werkt hij als netwerkbeheerder bij internetprovider XS4ALL. Maarten gebruikt en beheert al sinds de jaren 80 Unix-systemen, eerst versie7, later BSD, Solaris en nu meestal Linux, FreeBSD en MacOSX. 4

5 NLUUG in Linux Magazine De NLUUG publiceert regelmatig verenigingsnieuws en columns in het zes keer per jaar verschijnende consumententijdschrift Linux Magazine. Linux Magazine is regelmatig op zoek naar kopij en het blad is een geschikt medium om een groot publiek kennis te laten maken met nieuwe opensource-projecten. 11:00, room 3 Openstack in the Enterprise Alessandro Vozza Openstack is taking the IT world by storm, but how appealing is it towards the enterprise world? What is the role of a paradigmshattering technology as Openstack in a more traditional, slowly-evolving landscape of enterprise applications? Performance, scalability and security considerations must guide the conscious CIO s choices in adopting any new technology, and Openstack makes no exception. We ll walk through how the Openstack ecosystem addresses the concerns of the more conservative IT professionals and how it enables muchneeded innovation and agility in enterprise shops; we ll demonstrate that Openstack is a mature technology that has earned its place among the giants of traditional enterprise software. Alessandro 3.0 has been through several iterations in his professional life, and since May 1st he has analogically reincarnated into being a Openstack specialist at Red Hat for the Benelux, and digitally as a community manager for DevOps and Openstack. 5

6 11:45, room 1 Performance tuning a public mirror server Mike Hulsman [ Proxy ] ftp.nluug.nl is a public mirror server running since the beginning of the 90 s, which currently transfers 4TB of data every day. This talk will provide some background on the service it provides. We discuss a history of the environment. In 2013, we chose to rebuild the server and we made some decisions. The process of performance tuning the ftp.nluug mirror server will be discussed, as well as how we got to the current performance. Mike Hulsman is working at Proxy Services in various roles. Been a sysadmin since DOS was running on workstations, Arcnet was the network and the server was running NetWare ELS level II. Started with Linux from kernel version and since than addicted to *nix. Working on Enterprise solutions for telco s, broadband, banking and technology companies. On systems, SAN storage, monitoring and application level. 11:45, room 2 USE OTR or how we learned to start worrying and love encryption Jurre van Bergen USE OTR (USable Encryption with OTR) is an organisation with a simple goal: improving security, usability and encryption of IM software. This talk will outline our organization, the ecosystem of Off The Record messaging (OTR) and how to start loving end-to-end encryption. We are an organisation that works on security, encryption and usability of open source instant messengers (IM). One key aspect is to have developers, resources and funds available to maintain OTR software over time and thus making them sustainable, up-to-date and secure. While we have already started collaborating with LEAP. se, we want to extend our network and reach out to more people. By developing safer, usable encryption instant messaging tools we believe that it directly supports freedom of speech and expression worldwide. Following this, we will explain what Off The Record Messaging is, the current state of the ecosystem around it. We want to raise awareness about the importance of using end-to-end encryption and bring the open source community together to help with this endeavor! Jurre van Bergen is a software developer at Greenhost, a webhosting company in Amsterdam. He s one of the founders of Technologia Incognita, contributes to several software projects, is treasurer of Hart voor Internetvrijheid and was one of the organizers of NoisySquare at OHM

7 11:45, room 3 Ceph Wido den Hollander Storage, het belangrijkste component in onze IT-infrastructuur. Vaak nu nog gedomineerd door NFS en iscsi, maar zijn deze technieken nog wel geschikt voor wat we willen? De storage wereld wordt ook gedomineerd door grote bedrijven met hun gesloten storage oplossingen. Ceph brengt hier verandering in! Volledig open source en volledig distributed storage. Schalen zonder downtime en zonder een single point of failure. Waar hardwarefalen de regel is in plaats van de uitzondering! Wido den Hollander (1986) is mede-eigenaar en CTO van PCextreme B.V. Hij is tegenwoordig vooral actief in de Ceph- en Apache CloudStack-community. Sinds eind 2009 is hij al bezig met de ontwikkeling en promotie van Ceph. Tegenwoordig werkt hij als Ceph-consultant en -trainer. Wido is een voorvechter van IPv6 en draait zijn Ceph-clusters ook het liefste via IPv6. 13:35, room 3 Lynis Michael Boelen Lynis is an open source security tool to audit Linux and Unix based systems. The main goal is system auditing and providing hardening guidance to users of the tool. The first version of the software was released in 2007 by its author Michael Boelen. It has seen a huge increase in usage during the years and is now part of most software repositories, including those available on Linux and the BSDs. In 2013 Michael founded CISOfy to further professionalize the Lynis toolkit and make it more powerful, including for usage in big enterprises. The development cycle, documentation and features have been greatly extended since that time. In this talk Michael will share the history of the tool, how to use it in your environment and some upcoming features. If you are a system engineer, auditor or consultant and responsible for Unix based systems, you will benefit from the options Lynis has to offer. Michael Boelen is founder of CISOfy, a company specializing in security solutions for Linux/Unix based environments. He worked in both technical and management roles at several multinationals. This gave him valuable insights in what companies need to be efficient and help the business with proper IT solutions. His passion for development started at the age of 10 and in 2003 he released his first open source project: Rootkit Hunter. Besides this popular tool, he developed Lynis in the years after and is now his favorite passion to work on. 7

8 14:00, room 1 Software-defined networks Ronny Lam Software Defined Networking is the new kid on the block in networkingland. In this presentation Ronny will give an introduction to and an overview of SDN, covering the following subjects: What is SDN? How is it different from what we have been doing for 25 years? What is OpenFlow and how does it relate to SDN? Business and operational drivers behind SDN Overlay- and underlay-networks Network Functions Virtualization (NFV) OpenDayLight Project How to start playing with SDN Warning: do not enter this presentation if you are afraid of Unicorns. Ronny started his career in networking some 20 years ago and joined Snow B.V. not much later. He developed a networking team within Snow and did consulting for the large Dutch Cable Operators. Provisioning of networks has always been his main focus and that s why he joined NetYCE a couple of years ago. Ronny embraced the recent rise of DevOps and Software Defined Networking, which started the so much needed (r)evolution of the network. 14:00, room 2 Multi-roled Puppetized Puppet Masters Or: How to use Puppet in Multiple-Customer Environments Without Waste Jeroen van Nieuwenhuizen Tom Scholten Graag laten we zien hoe we bij BitBrains onze infrastructuur aan het puppetizen zijn. We demonstreren hoe we uitdagingen zoals het centraal managen van de verschillende klantomgevingen en het scheiden van code en data met behulp van hiera hebben vorm gegeven. Tevens gaan we in op hoe 3de partijen hun eigen Puppet-code en versiemanagement binnen de klantomgevingen kunnen gebruiken. Dit alles terwijl toch de SOC2- securityrichtlijnen gehandhaafd blijven. We gaan in op hoe we Puppet met Puppet uitrollen en beheren middels onze meta -puppetmaster en hoe we er in geslaagd zijn rollen te managen binnen Hiera, waarbij 1 host toch meerdere rollen kan hebben door de grenzen van de mogelijkheden binnen Puppet en Hiera op te zoeken. In deze presentatie laten we zien welke stappen er nodig waren om ons concept, met tevredenheid van engineers en klanten, werkend te maken. We zijn niet te verlegen om eerlijke vragen terug te stellen en laten 8

9 14:00, room 3 Behind the scenes of IRMA Pim Vullers IRMA (I Reveal My Attributes, https://www.irmacard.org/) is a research and development project focusing on attribute-based credentials and their use in practice. This project includes a pilot in which the users obtain a smart card which they can use to prove attributes about themselves. In this talk I ll give a brief overview of what IRMA is, but the main focus will be on the technological components that enabled us to build this technology (and allows others to build applications and services on top of IRMA). After completing the Computer Security master track of the Kerckhoffs Institute, Pim worked at the Radboud University in Nijmegen as a PhD student in the digital security group. His research on efficient implementations of attribute-based credentials on smart cards laid the foundation for the IRMA project. ons concept voor volledige scheiding van de data zien, waarbij meerdere rollen per server uitgedeeld - en - hergebruikt kunnen worden. Ons beeld van de ideale omgeving waarbij letterlijk het spreekwoordelijke kind de lvextend kan doen. Of de productie-omgeving kan herbouwen! Jeroen van Nieuwenhuizen & Tom Scholten zijn consultants van Snow BV, werkzaam bij Bitbrains. Bitbrains is sinds 2014 gefuseerd met ASP4All. Bitbrains is een in Amstelveen gevestigd bedrijf dat voor een grote diversiteit aan klanten cloudplatforms en High Performance Computing aanbiedt. De eigenzinnige medewerkers met hun hoofd in de wolken maar de voeten stevig op de grond verzorgen services middels 3e generatie cloud-oplossingen. Met het geautomatiseerd uitrollen van systemen zorgen we voor consistentie op de dienstverlening. Hierom worden alle nieuwe klantomgevingen middels Puppet in gebruik genomen. 9

12 16:00, room 2 boot2docker: Zero to Docker in 20 seconds Steeve Morin What started as a hack has turned into a real operating system, used by tens of thousands of developers worldwide. And it all started because we found that having a full featured host operating system isn t needed to run Docker images. boot2docker is essentially trying to change the way people develop, run and deploy software through Docker, across all OSes and hardware. It is opinionated, is distributed as an ISO image, and is read-only. In this talk, I will not only present you what boot2docker is, but what we stand for, and why we think our choices change the way we deal with OS and how Docker is paving the way to the next generation of software. Steeve Morin is freelancer, startupper in recovery, boot2docker creator, loving all things decentralized. 16:00, room 3 Postgres for High Available Applications, part 2: a live migration from Oracle Michel Sijmons [ Nibble-IT ] At the previous NLUUG conference, Michel covered the technical aspects of several client-cases where Postgres was used to implement a high-availability database platform. This time, he will do a live demonstration of an Oracle database that is being migrated to PostgreSQL. Michel Sijmons started working with databases in the late eighties. First as a developer and later as a DBA, consultant, architect and trainer. In 1996 he founded his own company Nibble-IT, which was specialized in embedding RDBMS systems within large logistic and financial companies. In 2000 Nibble-IT made the switch to Open Source databases. Today Michel advises large organizations in implementing Open Source RDBMS solutions in comparison to closed source solutions. Michel has been a trainer for more than 14 years for various database vendors and training companies. He likes the combination of doing projects and being a teacher. 12

13 16:45, room 1 RIPE Atlas and RIPEstat Bert Wijnen Part of the mission of the RIPE NCC is to support core internet infrastructure, by providing active measurement data, and tools that visualize that data, together with registry, routing and DNS information. RIPE Atlas is the biggest active measurement network in the world, with more then 5000 vantage points, small hardware devices hosted by community. We will present the latest features, use cases and future plans, including DSNMON, anchors, alerts and community developments. RIPEstat is a main interface in all the data RIPE NCC collects: RIS (Routing Information Service) about BGP activity, registry information about IPv4, IPv6 prefixes and AS numbers, whois information including Routing Registry, RIPE Atlas, as well as the third-party data such as black-listing, geolocation, and M-Labs bandwidth measurements. Bert Wijnen is a Research engineer at the RIPE-NCC in The Netherlands. He was formerly Senior Manager Internet Standards at Alcatel- Lucent and was a Senior Consulting IT Specialist at IBM, (where he worked for 28 years). Bert is a highly experienced and active participant in Internet Engineering Task Force (IETF), where he is currently Chair of the Network Configuration (netconf) Working Group. Previously, he has served as an IETF Area Director (in OPS and SUBIP). He is credited as an author on 28 RFCs. Oproep voor nieuwe vrijwilligers Wil je helpen om een volgende conferentie tot een nog groter succes te maken, laat ons dit dan weten op Vrijwilligers zijn altijd zeer welkom, zowel eenmalig als voor langere duur. 13

15 16:45, room 3 Synchronous Replication For MySQL Kenny Gryp [ Percona ] Built-in MySQL Replication is known for its capability to enable to scale reads easily. However, there are some limitations and known issues with this solution because of the asynchronous nature of this replication. This talk will describe another way of doing MySQL replication, by using synchronous replication, available in Percona XtraDB Cluster. The open source solution will be explained and compared to traditional asynchronous MySQL replication, as well as some known use cases will be described. Percona XtraDB Cluster is an, open source, high availability and high scalability solution for MySQL clustering. Features include: Synchronous replication, Multi-master replication support, Parallel replication, Automatic node provisioning. Kenny is currently Principal Consultant at Percona. Bitten somewhere in the late 90s by the open-source bug, most of his spare time was spent working with Linux & OpenBSD servers. Eventually, after education, Kenny turned into a Linux system engineer and performed that role at various companies. Before joining Percona, he worked at a large social networking company in Europe as DBA and Puppeteer. De NLUUG verenigt (professionele) gebruikers van Open Systemen en Open Standaarden in Nederland; een gemeenschap van systeem beheerders, programmeurs en netwerk- specialisten. Het doel van de NLUUG is de verbreiding van de toepassing en kennis over Open en UNIX/Linux. 15

Settings for the C100BRS4 MAC Address Spoofing with cable Internet. General: Please use the latest firmware for the router. The firmware is available on http://www.conceptronic.net! Use Firmware version

Comics FILE 4 COMICS BK 2 The funny characters in comic books or animation films can put smiles on people s faces all over the world. Wouldn t it be great to create your own funny character that will give

www.iuscommune.eu Dear Ius Commune PhD researchers, You are kindly invited to attend the Ius Commune Amsterdam Masterclass for PhD researchers, which will take place on Thursday 16 June 2016. During this

This appendix lists all the messages that the DRS may send to a registrant's administrative contact. Subject: 1010 De houdernaam voor #domeinnaam# is veranderd / Registrant of #domeinnaam# has been changed

Don t you worry There s an eternity behind us And many days are yet to come, This world will turn around without us Yes all the work will still be done. Look at ever thing God has made See the birds above

THE WORK During the twenty years of its existence Studio Berkhout has evolved into the number one studio specialized in still life fashion photography. All skills needed for photography and styling, including

Policy Aspects of Storm Surge Warning Systems Ir. Herman Dijk Ministry of Transport, Public Works and Water Contents Water in the Netherlands What kind of information and models do we need? Flood System

Introduction Henk Schwietert Evalan develops, markets and sells services that use remote monitoring and telemetry solutions. Our Company Evalan develops hard- and software to support these services: mobile

Free Electives (15 ects) Information about the Master RE&H (and the free electives) can be found at the following page: http://www.bk.tudelft.nl/en/about-faculty/departments/real-estate-and-housing/education/masterreh/free-electives/

First part of the Inburgering examination - the KNS-test Of course, the questions in this exam you will hear in Dutch and you have to answer in Dutch. Solutions and English version on last page 1. In welk

167 Appendix A: List of variables with corresponding questionnaire items (in English) used in chapter 2 Task clarity 1. I understand exactly what the task is 2. I understand exactly what is required of

Vragenlijst in te vullen en op te sturen voor de meeloopochtend, KABK afdeling fotografie Questionnaire to be filled in and send in before the introduction morning, KABK department of Photography Stuur

Bestuderen Present Simple Normaal Hoe maak je de Present Simple? Kijk eerst maar even naar het volgende rijtje. I You He She It We You see see sees sees sees see see They see Je ziet dat het heel eenvoudig

Expert at a distance Creating a marketplace where expertise is made available through videoconferencing Roland Staring Community Support Manager roland.staring@surfnet.nl Working together for education

Next-Generation Youth Care If we knew what we are doing, we wouldn t call it innovation! Paul Louis Iske Professor Open Innovation & Business Venturing, Maastricht University Internationaal Instituut voor

Tim Akkerman - Head of Mobile Emesa is the largest e-commerce company for searching, comparing and booking travel and leisure packages in the following categories: Holidays - Other accommodations - Hotels

Writing 1 WRITING 1 PART D BK 3 Isn t it incredible? After only two years of learning English you can write your own English WhatsApp messages, tweets and emails. You can also post some lines on an international

Healthy people want everything, sick people want only one thing. would love to see a Hospital Teacher Consultant Education Sick Pupils Educational Service Centre University Medical Centre The Netherlands

Dutch survival kit This Dutch survival kit contains phrases that can be helpful when living and working in the Netherlands. There is an overview of useful sentences and phrases in Dutch with an English

CREATING VALUE THROUGH AN INNOVATIVE HRM DESIGN CONFERENCE 20 NOVEMBER 2012 DE ORGANISATIE VAN DE HRM AFDELING IN WOELIGE TIJDEN Mieke Audenaert 2010-2011 1 HISTORY The HRM department or manager was born

Buy Me! FILE 5 BUY ME KGT 2 Every day we see them during the commercial break: the best products in the world. Whether they are a pair of sneakers, new mascara or the latest smartphone, they all seem to